-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Dec 2025 13:52:56 +0100
Source: pgbouncer
Binary: pgbouncer pgbouncer-dbgsym
Architecture: ppc64el
Version: 1.24.1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-conova-01) <buildd_ppc64el-ppc64el-conova-01@buildd.debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Description:
 pgbouncer  - lightweight connection pooler for PostgreSQL
Changes:
 pgbouncer (1.24.1-1+deb13u1) trixie; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * CVE-2025-12819: execute arbitrary SQL during authentication.
     Untrusted search path in auth_query connection handler in PgBouncer
     before 1.25.1 allows an unauthenticated attacker to execute arbitrary
     SQL during authentication via a malicious search_path parameter in the
     StartupMessage.
Checksums-Sha1:
 fbf025e60ca6fbd3a1f6e6e12ef738e74cb8bbf6 595820 pgbouncer-dbgsym_1.24.1-1+deb13u1_ppc64el.deb
 ec438275d08015401a9e6bc3c00f87e30327813b 8767 pgbouncer_1.24.1-1+deb13u1_ppc64el-buildd.buildinfo
 f493af8175862418263805a7282b5cdc7f7d9f9c 263776 pgbouncer_1.24.1-1+deb13u1_ppc64el.deb
Checksums-Sha256:
 563670eb5d69e1c7da7b5ef8ec059494bbfe49eba47d8aa63e93098dfdbdfeba 595820 pgbouncer-dbgsym_1.24.1-1+deb13u1_ppc64el.deb
 41a4221a3f208df0470740baa54adc28a12655d44ee6464820e59b33c3973172 8767 pgbouncer_1.24.1-1+deb13u1_ppc64el-buildd.buildinfo
 80aaf89a61d8087f3e3cca88196bffad86f6281bf81b4e9c110e4f8cf8d686f4 263776 pgbouncer_1.24.1-1+deb13u1_ppc64el.deb
Files:
 f5df344642eb360356f4ce758eba9822 595820 debug optional pgbouncer-dbgsym_1.24.1-1+deb13u1_ppc64el.deb
 113cc23444366ab6034833868f4d4bf6 8767 database optional pgbouncer_1.24.1-1+deb13u1_ppc64el-buildd.buildinfo
 edc2d3cfec9e170ec05497b72cfb4124 263776 database optional pgbouncer_1.24.1-1+deb13u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmlW9B0ACgkQDNLUPhbm
g7PO+Q//eVjhRZ29FXKX/NQRZ3TZnd5Zbadym7lSaOYoBkil6PmkwdIyWSc9hmit
B6kTvF3ALmqLrYGnIhYwEVM0T9MeIZyE6HD3HJBcuY3OrO7eUacSPtE4cE/qVSxV
76Ib3ugqCdodW+VIoEs9t53/KGeX9lXaQiAESVICz+peZqDcngKbB1VziAIMLeem
XQ08uf2o6C/nwqIqzCTsIFsaYJgd1ejZbPhYgxjCU6xcueGWxQxzd0pHbqxFUmw1
pCV7t1omqJ5XDL8KKtXb6uar9SMZhfUpQp3TfM577eygsIVzuNUtiZPRhoHm8zof
2ZbfYnC4lAQGvisxgDGA+2MWb6RMl11opJ2rVhVMljLXkRGstFm+t51PWP4uyiZk
uVwUsO3KMYUNS6FUcF0Oq9azLohgV0DOqyIruOTGK0/2XpNc3v18MPXSw+GSKmQB
LhSm4XCDqBn+CWLoMT6d9nm2hIKtfx0cfXnAquMoy5j4YnAP0J+Pqmhn1w8rgRyO
zy4qdkacrttHpol+dRO0yDcP2owTMjKnb1BG6jQthilNE0FN2pDYzeIqk9cuaUVZ
GtIilwyaRBEnfHjVQ+7jLMUlajyWLljoQ9fjDNOv2YCKXUVFuhzEoUaEAsRJCuqe
RauPwShJ0haHP2lssQ63dx4wLQ2R/CgsKTMt2HtM7cLgBse/9Ow=
=WfMS
-----END PGP SIGNATURE-----